File 20146-pygrub-security.patch of Package xen

# HG changeset patch
# User Keir Fraser <keir.fraser@citrix.com>
# Date 1251887904 -3600
# Node ID e513d565c8f1298d26bc614eabd1b7111693a940
# Parent  8fc92779847680fe40a1ee9c2a01b3effc7cd056
pygrub: Match bare-metal GRUB behavior for passwords

The password support patch already merged didn't match the bare-metal
GRUB behavior so I created a patch to match it. If password is entered
in grub.conf file, pressing `p` is required exactly like when using
"real" (bare-metal) GRUB. New options are available after the correct
password is entered.

Signed-off-by: Michal Novotny <minovotn@redhat.com>

Index: xen-3.3.1-testing/tools/pygrub/src/pygrub
===================================================================
--- xen-3.3.1-testing.orig/tools/pygrub/src/pygrub
+++ xen-3.3.1-testing/tools/pygrub/src/pygrub
@@ -412,16 +412,17 @@ class Grub:
         def draw():
             # set up the screen
             self.draw_main_windows()
-            self.text_win.addstr(0, 0, "Use the U and D keys to select which entry is highlighted.")
-            self.text_win.addstr(1, 0, "Press enter to boot the selected OS. 'e' to edit the")
-            self.text_win.addstr(2, 0, "commands before booting, 'a' to modify the kernel arguments ")
 
-            # if grub has password defined we allow option to enter password
-            if not self.cf.hasPassword():
+            if not self.cf.hasPassword() or self.cf.hasPasswordAccess():
+                self.text_win.addstr(0, 0, "Use the U and D keys to select which entry is highlighted.")
+                self.text_win.addstr(1, 0, "Press enter to boot the selected OS, 'e' to edit the")
+                self.text_win.addstr(2, 0, "commands before booting, 'a' to modify the kernel arguments ")
                 self.text_win.addstr(3, 0, "before booting, or 'c' for a command line.")
+
             else:
-                self.text_win.addstr(3, 0, "before booting, or 'c' for a command line. You can also")
-                self.text_win.addstr(4, 0, "press 'p' to enter password for modifications...")
+                self.text_win.addstr(0, 0, "Use the U and D keys to select which entry is highlighted.")
+                self.text_win.addstr(1, 0, "Press enter to boot the selected OS or `p` to enter a")
+                self.text_win.addstr(2, 0, "password to unlock the next set of features.")
 
             self.text_win.addch(0, 8, curses.ACS_UARROW)
             self.text_win.addch(0, 14, curses.ACS_DARROW)
@@ -455,20 +456,10 @@ class Grub:
                 self.screen.timeout(-1)
 
             # handle keypresses
-            if c == ord('c'):
-                # we disallow access without password specified
-                if not self.cf.hasPasswordAccess():
-                    self.text_win.addstr(6, 8, "You have to enter GRUB password first")
-                    break
-
+            if c == ord('c') and self.cf.hasPasswordAccess():
                 self.command_line_mode()
                 break
-            elif c == ord('a'):
-                # we disallow access without password specified
-                if not self.cf.hasPasswordAccess():
-                    self.text_win.addstr(6, 8, "You have to enter GRUB password first")
-                    break
-
+            elif c == ord('a') and self.cf.hasPasswordAccess():
                 # find the kernel line, edit it and then boot
                 img = self.cf.images[self.selected_image]
                 for line in img.lines:
@@ -479,23 +470,18 @@ class Grub:
                             self.isdone = True
                             break
                 break
-            elif c == ord('e'):
-                # we disallow access without password specified
-                if not self.cf.hasPasswordAccess():
-                    self.text_win.addstr(6, 8, "You have to enter GRUB password first")
-                    break
-
+            elif c == ord('e') and self.cf.hasPasswordAccess():
                 img = self.cf.images[self.selected_image]
                 self.edit_entry(img)
                 break
             elif c == ord('p') and self.cf.hasPassword():
-                self.text_win.addstr(6, 8, "Enter password: ")
+                self.text_win.addstr(6, 1, "Password: ")
                 pwd = self.text_win.getstr(6, 8)
                 if not self.cf.checkPassword(pwd):
-                    self.text_win.addstr(6, 8, "Incorrect password!")
+                    self.text_win.addstr(6, 1, "Password: ")
+                    self.text_win.addstr(7, 0, "Failed!")
                     self.cf.setPasswordAccess( False )
                 else:
-                    self.text_win.addstr(6, 8, "Access granted     ")
                     self.cf.setPasswordAccess( True )
                 break
             elif c in (curses.KEY_ENTER, ord('\n'), ord('\r')):
openSUSE Build Service is sponsored by